A big announcement today from those of us at the EFF regarding the
NSA illegal wiretap scandal. We have filed a class-action lawsuit against
AT&T because we have reason to believe they have provided the NSA and
possibly other agencies with access to not only their lines but also
their “Daytona” database, which contains the call and internet records
of AT&T customers, and probably the customers of other carriers who outsource
database services to Daytona.

AT&T, we allege, gave access to this database when it should have told
the federal agents to come back with a warrant. This is the
communications records of not just people phoning Al-Qaida. It’s
the records of millions of ordinary Americans.

Allowing access to these records without a warrant is both a violation
of the law and a violation of their duties to protect the privacy of
their customers. Worse, we believe AT&T may still be doing it.

We’re asking the court to make AT&T stop giving the NSA or others
access without proper warrants, and to exact penalties for having
done so. The potential penalties are very, very large. We want to
send a message to carriers and operators like AT&T that they have
a duty to follow the law and protect their customers.

Last week I spoke at O’Reilly’s Emerging Telephony (ETEL) conference about CALEA and other telecom regulations that are coming to VoIP. CALEA is a law requiring telecom equipment to have digital wiretap hooks, so police (with a warrant, in theory) can come and request a user’s audio streams. It’s their attempt to bring alligator clips into the digital world.

Recently the FCC issued notice that they would apply CALEA to interconnected VoIP providers and broadband providers. They don’t have that power, and the EFF and several other groups filed suit last week to block this order.

In my talk, however, I decided to turn the tables. My “evil twin” gave a talk addressed at incumbent carriers (the Bells, etc.) and big equipment vendors as to why they should love CALEA, Universal Service and the E911 regulations.

A podcaster recorded it and here’s the blue box security podcast with that recording or you can go directly to the mp3 of my talk. I start 3 minutes into the recording, and it’s a 15 minute session. It was well received, at least based on the bloggers who covered it. You may not hear the audience laughter too well, but they got it, and came to understand just how bad these laws can be for the small innovator moving in on the incumbent’s cash cows.

Indeed, I like the “evil twin” so much that he’ll be back, and I’ll try to write up my talk as text some day if I get the time. When bad things happen, it’s useful to understand why some people might push for them.

With too many people defending the new levels of surveillance, I thought I would introduce a new word: Panoptopia — a world made wonderful by having so much surveillance that we can catch all the bad guys.

David Brin introduced the concept to many in The Transparent Society, though he doesn’t claim it’s a utopia, just better than the alternative as he sees it.

It used to be that “If you are innocent you have nothing to hide” was supposed to be a statement whose irony was obvious to all. Today, I see people saying it seriously.

Because of that, we’re on our way to building the pushbutton panopticon. We’re building the apparatus of very high levels of surveillance and pretending we are putting checks and balances on their use. Cameras everywhere. NSA taps into all international communications. Total Information Awareness and other large data mining projects. Vast amounts of our private records stored on 3rd party servers of search engines and email companies where we have fewer rights and even less control. CALEA requirements that phone equipment and broadband lines have pre-built wiretapping facilities, in theory to be turned on only with a warrant.

In all these cases we are told the information won’t be abused, that process will be followed. And in most cases, I can even believe them.

But the problem is this. Now our rights are protected not by physical limits or extreme costs, but by a policy decision. To the extreme, by a simple policy bit, a single switch. Now to change the society from a free one to a police state can become effectively just throwing a switch if you have the political will.

In the old days, creating a police state required taking over the radio stations with tanks, and putting police on all the street corners. We are building a world where it involves getting the political will to throw a switch. And we’re selling that switch to all the countries of the world as they buy our technology.

In playing with a few firefox extensions that display things like my cellular minutes used, I realized they were really performing a limited part of something that could be really useful — deep bookmarks which can go past login screens and other forms to go directly to a web page.

So many web sites won’t let you bookmark a page that you must log in to see, and they time out your login session after a short time. The browser will remember my password for the login screen, but it won’t log me in and go to the page I want. Likewise, pages only available through a POST form can’t be bookmarked.

A deep bookmark would be made by going to a page, then using the BACK tool to go back to the entry page before it, which may be more than simply the previous page. You would then ask for a deep bookmark, and it would record the entire path from entry/login page to most forward page, including items posted to forms. Passwords would be recorded in the protected password database of course.

This would work in many cases, but not always. Some deep URLs include a session ID, and that must explicitly not be recorded as the target, as the session will have expired. In a few cases the user might have to identify the session key but many are obvious. And of course in some cases the forms may change from time to time and thus not be recordable. Handling them would require a complex UI but I think they are rare.

This would allow quick bookmarks to check balances, send paypal money and more. There is some risk to this, but in truth you’ve already taken the risk with the passwords stored in the password database, and of course these bookmarks would not work unless you have entered the master decryption password for the password database some time recently.
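The recording step described above, as an added sketch that is not code from this blog or from any Firefox extension: it compares two recordings of the same click path, templates out anything session-bound, and replaces password fields with a reference to the password store. The step layout, the placeholder strings, and the `carrier.example` recordings are all constructed for illustration, and replay is out of scope.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SESSION = "{{session}}"          # hypothetical marker: refill from the live session at replay
PASSWORD = "{{password-store}}"  # hypothetical marker: look up in the password database
OBVIOUS = re.compile(r"(?i)^(phpsessid|jsessionid|sid|sess(ion)?(_?id)?|token)$")


def is_session_bound(name, value_a, value_b):
    """Session-bound if the name is an obvious session key, or the value
    changed between two recordings of the same path."""
    return bool(OBVIOUS.match(name)) or value_a != value_b


def template_pairs(pairs_a, pairs_b, password_fields=()):
    """Keep stable values; replace passwords and session values with markers."""
    if [n for n, _ in pairs_a] != [n for n, _ in pairs_b]:
        raise ValueError("fields differ between recordings; not recordable")
    out = []
    for (name, va), (_, vb) in zip(pairs_a, pairs_b):
        if name in password_fields:
            out.append((name, PASSWORD))
        elif is_session_bound(name, va, vb):
            out.append((name, SESSION))
        else:
            out.append((name, va))
    return out


def template_step(step_a, step_b):
    ua, ub = urlsplit(step_a["url"]), urlsplit(step_b["url"])
    same = (step_a["method"], ua.scheme, ua.netloc, ua.path) == \
           (step_b["method"], ub.scheme, ub.netloc, ub.path)
    if not same:
        raise ValueError("paths differ between recordings; not recordable")
    query = template_pairs(parse_qsl(ua.query), parse_qsl(ub.query))
    form = template_pairs(list(step_a.get("form", {}).items()),
                          list(step_b.get("form", {}).items()),
                          step_a.get("password_fields", ()))
    url = urlunsplit((ua.scheme, ua.netloc, ua.path,
                      urlencode(query, safe="{}"), ""))
    return {"method": step_a["method"], "url": url, "form": dict(form)}


def build_deep_bookmark(recording_a, recording_b):
    """Entry page to target page, with no live secret left in the stored path."""
    if len(recording_a) != len(recording_b):
        raise ValueError("recordings have different lengths; not recordable")
    return [template_step(a, b) for a, b in zip(recording_a, recording_b)]


def sample_recording(sid, csrf):
    """Constructed recording: a login POST followed by the deep target page."""
    return [
        {"method": "POST", "url": "https://carrier.example/login",
         "form": {"user": "alice", "pass": "correct horse", "csrf": csrf},
         "password_fields": ["pass"]},
        {"method": "GET",
         "url": f"https://carrier.example/account/minutes?view=month&sid={sid}"},
    ]


if __name__ == "__main__":
    for step in build_deep_bookmark(sample_recording("a1b2", "t-111"),
                                    sample_recording("c3d4", "t-222")):
        print(step)
```

Only query strings and form fields are examined here; a session ID carried in the URL path would need the manual identification the text mentions.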

We’re always coming up with new technologies that affect privacy and surveillance. We’ve seen court cases over infrared heat detectors seeing people move inside a house. We’ve seen parabolic microphones and lasers that can measure the vibration of the windows from the sound in a room. We’ve seen massive computers that can scan a billion emails in a short time, and estimates of speech recognition tools that can listen to millions of phone calls.

Today we’re seeing massive amounts of outsourced computing. People are doing their web searching, E-mails and more using the servers of third party companies, like Google, Yahoo and Microsoft.

Each new technology makes us wonder how it can or should be used. The courts have set a standard of a “reasonable expectation of privacy” to decide if the 4th amendment applies. You don’t have it walking down the street. You do have it in your house. You don’t have it on records you hand over to 3rd parties to keep, or generate with those 3rd parties in the first place.

But I fear that as the pace of change accelerates, we’ve picked the wrong default. Right now, the spooks and police feel their job is to see how close to the 4th amendment and statutory lines they can slice. Each new technology is seen as an opportunity for more surveillance ability, in many cases a way to get information that could not be gotten before either due to scalability, or the rules. Right now, when technology changes the rules, most of the time the result is to lessen privacy. Only very rarely, and with deliberate effort (i.e. the default encryption in Skype) are we getting the more desirable converse. Indeed, when it looks like we might get more privacy, various forces try to fight it, with things like the encryption export controls, and the clipper chip, and mandatory records retention rules in Europe.

I think we need a different default. I think we need to start saying, “When a new technology changes the privacy equation, let’s start by assuming it should make things more protected, until we’ve had a chance to sit down and look at it.”

Today, the new tech comes along, privacy gets invaded, and then society finally looks at the technology and decides to write the rules to set the privacy balance. Sometimes that comes from legislatures (for example the ECPA) and more often from courts. These new rules will say to the spooks and LEOs, “Hold on a minute, don’t go hog wild with this technology.”

We must reverse this. Let the new technologies come, and let them not be a way to perform new surveillance. Instead, let the watchers come to the people, or the courts and say, “Wow, we could really do our jobs a lot better if we could only look through walls, or scan all the e-mails, or data mine the web searches.” Then let the legislatures and the courts answer that request.

Sometimes they will say, “But our new spy-tech is classified. We can’t ask for permission to use it in public.” My reaction is that this is tough luck, but at the very least there should be a review process in the classified world to follow the same principles. Perhaps you can’t tell the public your satellites can watch them in their backyards, but you should not be able to do so until at least a secret court or legislative committee, charged with protecting the rights of the public, says you can do so.

If we don’t set such a rule, then forever we will be spied upon by technologies society has not yet come to grips with — because the spooks of course already have.

Last night I was thinking to myself that we would probably see a big political todo when the war military death toll reaches 2749 — the number of people killed (not including the 10 suicide attackers) in the WTC on 9/11.

To my surprise, a little research showed we are well past the threshold. There have been 2221 U.S. soldiers killed in the Iraq conflict. In addition as of November 1, there had been 428 U.S. civilian contractors killed according to labour dept. statistics. I don’t have figures for civilian deaths of the last 3 months or for non-contractor civilian war-related deaths.
(On an additional note, 191 U.S. military have died in the Afghan war. I don’t have U.S. civilian figures.) Also note 189 died at the Pentagon, and 40 on UA Flight 93.

That puts U.S. dead at around 2840, well over the WTC number and probably over the 2980 9/11 total when other civilians are added.

However, the hidden reality is that number was passed quite some time ago. That’s because fewer than 2100 Americans were killed in the WTC disaster. A quick search showed stats putting the number of U.S. dead in the WTC at 2106 (back when they thought the total death toll was 2800, so it’s a little high). And that’s the right number because all this counting of American dead in the Iraq war is disingenuous to the vastly greater numbers of Iraqi civilians and other nationals killed in the war and war-related violence. So if the focus is on U.S. citizen deaths, the war-on-terror deaths now far exceed the 9/11 deaths.

Now, I haven’t made any political comment on what this means, though I am sure others will. I just found it interesting the way the real numbers pan out, contrary to what we see commonly reported.

Here’s an idea to try — Scrabble played with Google as the base, rather than the dictionary. I.e., you can play any word you can find in Google (sort of).

This obviously vastly expands the set of words, perhaps too vastly, and it brings in all foreign languages to boot. It includes vast numbers of joinedwords, and zillions of other things. As such you would want to consider the following limits:

Only words from Google 5 or more letters in length count. Just about everything of 3 or 4 letters is a domain name now.

Typos and misspellings don’t count. If Google suggests an alternate and you don’t have something else to back it up as real, it’s not usable.

Or more simply, require a minimum number of hits, like 1,000.

Make the rules for missing harsh. If your word is not in Google, you lose a turn, lose tiles, lose points etc.

Since there are not any numeric tiles, no 1337-speak. But you can get PWNAGE over other players.

Google is currently fighting a subpoena from the DoJ for their search logs. The DoJ experts in the COPA online porn case want to mine Google’s logs, not for anybody’s data in particular, but because they are such a great repository of statistics on internet activity. Google is fighting hard as they should. Apparently several Google competitors caved in.

These logs are a treasure trove of information, just as the DoJ experts say they are. No wonder they want them. They are particularly valuable to Google, of course, so much so that they have resisted all calls to wipe them or anonymize them. In fact, Google has built a fancy system with its own custom computer language to do massively parallel computing to let it gather statistics from this giant pool of data.

The DoJ and the companies that didn’t fight the order insist there is no personally identifiable information in these logs, but that’s certainly not true of the source logs. Even if you remove the Google account cookie that is now sent with most people’s queries, the IP address is recorded. I have a static IP address myself on my DSL. It’s always the same, and so it would be easy to extract all my searches, which include some pretty confidential stuff, things like me entering the names of medicines I have been prescribed. (It even includes me searching for “Kiddie Porn” because I wanted to see if any adwords would be presented on such a search. There were not, in case you are wondering.) Yahoo and MSN state the IP address and other information was stripped from what they handed over.

Static IPs are the norm for corporations and more savvy internet users, but while most DSL and cable users have a dynamic IP, it isn’t really very dynamic. If you have a home gateway box or computer that is on all the time, it changes very infrequently, in some cases, never. All your activity can be linked back to you through that address. Only dial-up users can expect any anonymity from their dynamic IP, and even then ISPs keep logs for some period of time which connect dynamic IPs and accounts.

But there is something far more frightening about this collection of data. I hope Google wins its fight over this data, because the DoJ really has no business forcing a private company to help them with their statistics problems.

But what about when a subpoena comes about an individual? Imagine you are under investigation for something, or just in a frivolous lawsuit or even a messy divorce. You can bet lawyers are going to want to say, for those with mostly-static IPs, “I want the search records for this IP, or this cookie.” And it’s going to be a lot harder for search engines to turn down those requests, because they will be specific and will relate to the data the search companies are holding on all of us.

One way to hold the lawyers back will be to make it expensive. But how long will it remain expensive? After a few requests, the software to pull the records will exist, and it will not be possible to claim it’s more expensive than the data mining Google already does for itself, to improve its own business.

Now, before it seems like I am ragging on Google here, let’s not forget that Google’s competition — AOL, Yahoo and MSN — hasn’t been even so good as to fight this first salvo. Yahoo has a whole department to comply with legal requests for their records, and famously handed over the ID of a journalist who sent an E-mail that has landed him in a Chinese jail. When it comes to intent, Google has indeed been the “do the least evil” company here.

But with court orders, intent matters not. This pool of data is an “attractive nuisance.” In the end, I think Google will realize it has to start anonymizing this data to the point that it can respond to requests with “we don’t have that information.” Doing so will erase information that can be valuable to Google’s business. It will come at a cost to them. Worse, the cost can’t be predicted because they will lose the ability to learn new things they haven’t even realized they want to learn about how people use their tools. But in the end, it’s the only choice, both to keep their subpoena costs down, and to make users comfortable with searching.

Perhaps these logs were handed over without IPs or user names. But what if somebody browses them and sees queries on things like kiddie porn or white house security or how to build a nuclear bomb? Could that be sufficient cause for a further order to get the identifying information associated with that query?

In the meantime, if you feel motivated to foolishly search for things that could be misinterpreted, as I did, may I recommend you do so through Tor, the anonymizing proxy. (The EFF provided significant financial support to the development of Tor.) Tor bounces your web requests through a series of randomly chosen servers, all encrypted, so nobody can trace back your requests to you. Be sure not to login when using it, though!

How often does it happen? There’s an important idea or action which is controversial. The bravest come out in support of it early, but others are wary. Will support for this idea hurt them in other circles? Is the idea against the “party line” of some group they belong to, even though a sizeable number of the group actually support it? How can you tell?

What the world needs is a way that people can register their support for something anonymously and learn how many other members of their group also secretly support it — but not who. However, once the support reaches a certain threshold, their support would become public. And not just public, but an actual binding commitment to the support.

For example, Republicans may oppose the war, or the wiretapping, but are afraid to say so, even among their closer associates. What if really a lot of people feel that way, but nobody speaks up?

Now, obviously, you can do this with a trusted web site where people register and then can vote on issues. But you have to really, really trust the web site, because some of the positions such a system is designed to record are ones that could get you branded a traitor to the group. For issues like war, no web site could be trusted.

So can it be done cryptographically? Is there a way to do this in a public space? I think that with the use of things like Chaum’s blinding algorithms, and fragmented keys (so that a secret message can be decoded in the presence of N of M key fragments, but no fewer than N) it would be possible to create a club, give everybody fragments of everybody else’s key for a given message, and thus arrange that only after at least N votes of support arrive, everybody can decrypt the identities of the supporters. But it’s a bit messy, and might require a new generation of keys for every question and various other complex logistics.

There is a particular danger as well. Opponents of a proposition might well pretend to be supporters, in order to bump the support number above the threshold and reveal who the “traitors” are. The opponents would make sure to record that their support was fake in some notarized location so they can renounce it when the names are revealed.

As such, in a governing body, it would be necessary to make the measures of support non-repudiable, which is to say they would be binding votes.

Say you wanted to have a vote to legalize gay marriage. There might be lawmakers who would support it, but could not do so publicly while it’s likely to lose. However, once it is assured to pass, they would accept making their support public — as is necessary in an open legislature. People would see the tally go up, and once it hit a majority the vote would pass. This stops people from pretending to support something just to unmask the real supporters.

Of course none of this prevents regular open support or opposition on things. Would the temporary secrecy cause risks due to some temporarily reduced transparency? And of course on failed propositions, the transparency would be permanent. (Or perhaps permanent until the person leaves office or dies or whatever.) Would it be good or bad that we knew that 30% of the house would vote to ban abortion if they could win, without knowing who they were?

Of late there’s been talk of ISPs somehow “charging” media-over-IP providers (such as Google video) for access to “their” pipes. This is hard to make sense of, since when I download a video from a site, I am doing it over my pipe, which I have bought from my ISP, subject to the contract that I have with it. Google is sending the data over their pipe, which they bought to connect to the central peering points and to my ISP. However, companies like BellSouth, afraid that voice and video will be delivered to their customers in competition with their own offerings, want to do something to stop it.

To get around rules about content neutrality on the network that ILEC based ISPs are subject to, they now propose this as a QOS issue. That there will be two tiers, one fast enough for premium video, and one not fast enough.

Today I’ve seen comments from Jeff Pulver and Ed Felten on possible consequences of such efforts. However, I think both directions miss something… (read on)

A really geeky idea: A fedora (common hat of the classic press photographer's uniform) or other hat with a built in remote controlled flash unit in it.

As photographers know, on-camera flash sucks. You get no shadows, and the people look like washed out deer caught in the headlights. If the flash is really close to the lens as it is in small point and shoot cameras, you get red-eye. The best is to do bounce flash where you can, off the ceiling, or in the studio off umbrellas or through softboxes. Most importantly, the flash is not at the camera. It's typically 20-40 degrees away, and also elevated.

You can't have that walking around without a lovely assistant holding a slave flash. Many pro photographers buy an "L" shaped arm which puts the flash about a foot from the camera, usually above and to the right. If you can't have that you have a hotshoe mounted flash on top of your camera.

I'm suggesting some style of hat you can mount a flash in. This would not be perfect, in fact it would be only a little bit higher than a hotshoe flash. And it would be above your eyes, not off to the side like it should be. It would be controlled by IR, or even better, RF. (I don't know why they don't work out a standard protocol for flash control over IR or RF and just put a transmitter in every camera made, since such circuits, especially IR LEDs, are super cheap.)

In particular, with live preview digital cameras, you can hold the camera away from your eyes. So even though the flash is 8" above your eyes, the camera can be off to the right, or down low, for better lighting. Of course be sure to have your head facing the subject even though your eyes are looking at the camera.

The hat-mounted flash would make the camera less unwieldy compared to a big hotshoe mounted one. The batteries and circuits would be inside the hat of course. You could also place the flashtube itself out on the rim of the hat for more distance, though it would not be so unobtrusive as a hat with a small clear panel at the front. Though you need height -- light from below looks creepy, of course.

Here's an idea I had years ago and tried to promote to some of the earliest wireless companies, such as Metricom, without success. I just posted it on Dave Farber's IP list, so I should write it up again for my own blog...

The idea is a win-win situation for wireless service and municipalities. Combine wireless data service with traffic light control. Offer a wireless mesh company the use of a city's traffic light poles -- which provide a nice high spot at every major intersection in town, with power available -- in exchange for using that network for traffic control. Indeed, I think this space is so valuable to the wireless companies that they should probably buy traffic control software and offer it free to the cities.

The bandwidth for light control is of course trivial. One could also support traffic cams (though hopefully not universal surveillance cams) to help provide dynamic adjustments to the traffic system.

Today, full-bore automatic traffic lights are expensive -- $150,000 in many cases. That's because of the need to bring in safety-equipment grade power, and to dig up the road to lay down vehicle sensors, as well as data of course. That's changing. New lights use LEDs and thus a fair bit less power. (Some cities have realized that the LED switch pays for itself very quickly.) I think car sensor tech is changing too, and especially with a large market, either LIDAR or CCD cameras with automatic recognition should be capable of good traffic detection without digging up the road.

So it's a win all around. Cities get better traffic flow (and less gas is burned) and wireless networks sprout everywhere to compete with the monopoly cable/ILEC crew.

For places where a full street light is too expensive, I have also suggested the [wireless brokered 4-way stop](/archives/000118.html) as an alternative.

Can giant companies, especially monopolies, ever get it right? Listen to this litany of the efforts to move my phone service, and get DSL.

SBC offers rebate of the $35 install fee if you order your service transfer online. Great.

First attempts to do it fail. When it says I can’t do this, it gives me an 800 number to dial to make the transfer. Number asks me which state I am in, and offers a choice of Texas, Oklahoma and a few other Southern states. Press 0, eventually get to agent who says, “You’re in California, I can’t help you.”

Try to call California customer service. Long IVR and long wait. Have no idea who to ask to fix web problem.

Email online customer service. A few days later I get a canned meaningless response, as is so common with online customer service these days.

Notice there is a $100 gift card offer if you sign up for DSL online. That’s great, since at the 6 month promo price, you can effectively get DSL free for 6 months if you want it.

Promo notice says terms of $100 gift card can be found at www.sbc.com/polarexpress. This URL just redirects to the AT&T home page. Mucked up in the merge. Nobody knows who to tell to ask to fix it. Did email customer service, never heard back. Nobody at the live agent desk knows the terms of the online promotion of course.

Phone customer service says they can take my order, but will charge me $35. I should have accepted that then and there!

Instead I try online transfer again. Now it lets me in. But it can’t find “23rd avenue” in their database. I try many permutations.

Yes, I order the transfer to address on 23D avenue. That works. It asks if I want DSL too.

Note that while I am moving the phone, I am not changing the billing address which was always a different location. I have to re-enter my billing address.

I order DSL. It asks for new phone number and account code. It says order is taken, but account code was incorrect. I’m presuming that’s because there’s a new phone number. Says somebody will contact me in 48 hours to verify account code.

No sign of DSL order. I phone. They say no sign of order, and can’t place order on phone number yet to be installed. I phone again, they confirm account code is the same for me with the new number as with the old.

Still no sign of DSL order. Promoted to smarter agent. Smarter agent says DSL order was “dropped” due to some problem, possibly not being able to find new target address. (Though it says 23D on the order.) Can’t place order. Old number at the location does not match the address. Some other disconnected number is also ringing the phone at the new location!

Transfer to yet smarter agent. 10 minute wait. I explain I want the gift card, but deadline for ordering is the 15th. Other agents have now said I can’t order until I get dial tone, which is the 18th.

Smarter agent says she can place the order for me even though there is no dial tone. However, won’t get $100 gift card. Puts note in file about how order was dropped due to their error so if I am crazy enough, I can call to try and get it.

In theory order is now in place, but for another week after I get dial tone. So no DSL for a while.

Who knows how many hours of time wasted in all this? I would not have SBC at all if not for the fact you must get SBC voice to get DSL at a good price, and it is a good backup if you do have a VoIP failure in any event.

Well, I am going to get a bluetooth cell phone shortly and so I got a headset and dongle to use on my laptop, where I also make VoIP calls.

I was shocked, flabbergasted to find that the bluetooth headset profile only transmits audio at telephone quality 8 kHz sampling rate. So even plugged into my laptop for hifi (didn't think I would ever need to use that term again) recording, it sounds like a telephone, and likewise for playback.

Why? Why? Why?

This makes all the typical bluetooth headsets a terrible choice for Skype or other hifi voip, no good as voice recorders, terrible for listening to ordinary quality audio and effectively useless for anything but toll-quality phone calls.

It would have been so simple to have allowed the headset profile to support higher quality, or to simply have it always do high quality and let the cell phones do the trivial downsampling. I realize that an earpiece is not going to provide headphone quality but there's no reason it should always sound like crap.

Bluetooth includes a "headphone" profile that does CD quality digital audio, and that profile can in theory have a microphone to make a hifi headset, but that's not what everybody is buying these days, so no point in making software products (such as VoIP tools) that use a bluetooth headset and want higher quality.

Perhaps a few years down the road it will be common to have headphone profile headsets but we are now a long way away from this.

This week I will be doing some demos of Voxable, my system that combines VoIP, presence and all sorts of cool stuff I won’t be writing about in the public blog to create a new user interface for the phone that is both as modern and internet as it can get while also being a reflection of the ancient interface for the phone that was lost.

This project underwent development a couple of years ago, but was put on hold after investment in telecom became a dirty word. Suddenly, with the $3 billion purchase of Skype, the excitement about a Vonage IPO and other hot deals, new tech in telecom is attracting investor attention. I have the software (not shippable) but to get funding I need to expand the team. I’m seeking hotshot programmers. (the current work is in Java, the web interfaces will be in javascript/ajax, and the windows client is in C++/win32 but truth is, if you’re the type of programmer I like, the language isn’t crucial.) Later I’ll be seeking other folks in marketing and bizdev when there is significant work for them to do.

Anyway, if this space interests you, contact me (btm@templetons.com) to try to attend one of the demos. They will be Wednesday the 11th in Sunnyvale, CA at 1:30 pm and Thursday the 12th in the financial district of San Francisco, 1pm. For the right folks, and for potential investors, demos can be arranged at other times, even remotely. (Though I tend to reserve telecommuting to those I’ve worked with and know have the discipline for it.) This is pre-funding startup mode — which means working or moonlighting for lottery tickets (options) with at most survival salary — until the funding arrives. People I know are Ok with frieNDA, for strangers a two paragraph written NDA will be appreciated. Coders should send me an ASCII resume in advance.

While most of the action in new telephony up to now has been in the “how” and “what” — infrastructure and PSTN replacements, I believe the user experience is where the value will truly lie. And he who owns the user experience will own the user, something a lot of companies are very keen to do in the telecom world. That’s why I’ve invested and coded in this area and why you might be too.

As blog readers will know, I’ve been in the innovation seat before, beginning as the first employee of the first major PC applications software company (VisiCorp), then creating many innovative and award winning programming tools, then founding the world’s first dot-com (ClariNet) and next there will be Voxable.

Who could possibly imagine wanting spam? Well, I just read that in the USA, 100 million trees are felled every year for junk mail. 28 billion gallons of water used to process the paper. And 350 million dollars spent to throw it out. That doesn't include I presume the other costs, including postage and wasted time, this is just the paper part of it.

So I started musing. What if the USPS started making some new rules for bulk mail rates. In particular, that if you want to do bulk mail, you must either use a bonded mailing house, or a special service provided by the post office to which you provide your mailing list. And you MUST provide a PDF or other electronic form of your mailing, with formats for the stupid customizations that they do to mailings. This would simply be the new rule for the bulk pieces.

And then, any household or other address could say, "Give me my bulk mailings in electronic form."
Or possibly fine grain it by sender ID, so that if you want a certain set of senders to be on paper you can specify that, and all others come electronic.

Of course they don't come to your regular mailbox unless you ask. They go to a special mailbox of your choice, perhaps an extra you have or one run by the USPS. Perhaps you go to the USPS web site to see your junk mailings.

All sounds great but of course there are some hairy problems. Obviously shippers would not want to pay the full bulk postage for this, nor should they. However, it is not simply because of the fact that no paper is mailed, it's because people will probably not look at these items as much as they look at their paper junk mail. Like it or not, they spend 50 cents to a dollar for a typical paper junk mailing because they make a profit. However, do they make a profit from the people who would say "don't do it"?

In Canada, houses can declare "no flyers" on their mailbox. This stops delivery of bulk flyers, but not mail with postage. It's a start.

The reason the bonded mail houses are needed is that the mailers must not get to learn who is getting PDF and who is getting paper, just how many there are of each. So they provide only that many paper pieces and pay full postage for those, and a minimal postage for the electronic ones. Not zero -- it is the zero cost that enables spam, after all. With a few cents of cost you still think about the cost of what you are mailing. There is a risk some marketers would want to mail only the electronic customers, and then mail far more stuff since the cost would be a few cents vs. a dollar.

The DMA lobby would probably go nuts fighting this plan, though some of them might love it, since the electronic versions, if looked at, would save a ton of money. And eventually they would just try to get people on "permission marketing" opt-in commercial mail lists, and bypass the postal service and its costs.

So I'm probably dreaming. But it always annoys me to see people generate a big document on a computer and print it on paper for me to toss in the garbage, or at most glance at. The times I would glance, I would be happy enough to get it in electronic form. For those who really want their paper junk mail sometimes, they could offer a service where you click on the junk mail items you liked and they are sent to you on paper later.

For many the guest bed has for years been the sofabed. But they are usually terrible beds, with too-thin mattresses that get lumpy. People are moving more towards inflatable beds they put on the floor or a stand. On the floor of course is not comfortable either.

So why not a sofabed with an air mattress inside, a quality one like those found in the higher-end airbeds. Those are quite nice to sleep on, with adjustable firmness. You can't have the thick foam walls, those would have to be inflated, but you could have the foam padding on top. Could auto-inflate with built in pump.

I wrote earlier this week on the discovery that people were blacklisting sites with email autoresponders. More thought and debate on the issue has led to a number of thoughts over how to solve the issues around autoresponders, in particular the concern that they will respond to messages with forged From addresses.

These thoughts have been laid out in this essay on practices for autoresponders which starts off by pointing to RFC3834, and goes further in a world where people might want to blacklist sites just for autoresponding.

The RFC specifies a way for an autoresponse to be reliably identified as such. Those who are blacklisting or filtering autoresponders can use this so that, if they are going to blacklist a site for running an autoresponder (as is required in the SMTP spec), they blacklist only further autoresponses, and not ordinary mail from the same server. While some blacklisters, unfortunately, have a capricious disregard for the consequences of their actions, most of them agree that they should wish to block as little legitimate, desired mail as possible, ideally zero, so techniques which can make this happen deserve their attention.
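The labelling described above is the `Auto-Submitted` header field that RFC 3834 defines. The sketch below is an added example, not code from this post or the linked essay: it shows a filter that, for a server already listed for autoresponding, blocks only messages labelled `auto-replied` and delivers the rest. The addresses, sample messages, the `note=constructed` parameter and the choice to leave `auto-generated` mail alone are assumptions made for the illustration.

```python
from email import message_from_string


def auto_submitted_keyword(raw_message):
    """Return the Auto-Submitted keyword in lower case ('no' when the field is absent)."""
    msg = message_from_string(raw_message)
    value = msg.get("Auto-Submitted", "no")
    # The field may carry optional ";parameter=value" pairs after the keyword.
    return value.split(";", 1)[0].strip().lower() or "no"


def split_listed_server_mail(raw_messages):
    """For a server listed for autoresponding, block only labelled autoresponses."""
    deliver, block = [], []
    for raw in raw_messages:
        # Assumed policy: 'auto-replied' is an autoresponse; 'auto-generated'
        # (reports, notifications) and 'no' are ordinary mail for this purpose.
        target = block if auto_submitted_keyword(raw) == "auto-replied" else deliver
        target.append(raw)
    return deliver, block


def _msg(subject, auto_submitted=None):
    """Build a constructed sample message; all addresses are placeholders."""
    headers = [
        "From: user@mail.example",
        "To: me@recipient.example",
        f"Subject: {subject}",
    ]
    if auto_submitted is not None:
        headers.append(f"Auto-Submitted: {auto_submitted}")
    return "\n".join(headers) + "\n\nbody\n"


# Constructed sample traffic, all from the same (listed) server.
SAMPLES = [
    _msg("Lunch on Friday?"),
    _msg("Re: invoice", "no"),
    _msg("Out of office", "auto-replied"),
    _msg("Away until Monday", "AUTO-REPLIED; note=constructed"),
    _msg("Nightly backup report", "auto-generated"),
]


def blocked_subjects():
    """Subjects of the sample messages the filter would block."""
    _, block = split_listed_server_mail(SAMPLES)
    return [message_from_string(m)["Subject"] for m in block]


if __name__ == "__main__":
    print(blocked_subjects())
```

A filter of this kind only helps when the autoresponder actually sets the field; unlabelled autoresponses pass through as ordinary mail.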

There are many other techniques outlined in my essay on challenge-response best practices which are still not followed (admittedly in a few cases even by my own code, since I never put it into public distribution.) These techniques make C/R not only workable, but I believe a must in any good anti-spam system. If somebody’s anti-spam system is going to block my mail, I want the ability to know about it and reverse that decision by proving I’m not a robot. While it is annoying to have to respond to a challenge, if the alternative is not having your mail read, most people would take the challenge — if it was really necessary. C/R systems allow systems to have no false positives, at least for non-anonymous mailers, and that should be the goal for everybody.

We risked running low on fuel today, and saw the car sputter briefly while going up a hill. Made it to the gas station fine, in fact with a gallon to spare, it seems.

I presume the gas lines in this car drain from one low spot in the gas tank, but when it's on a slope and very low, there's no fuel there. Why can't we have a series of drains at both back and front (and even all 4 corner points)? It would have to go down from there to stop air getting into the fuel line from the exposed fuel outlet, which may be the reason this isn't done, since the tank is usually down low for various good reasons. Could a smart valve allow for any hose exposed to air to close so that air doesn't get in the line?

I guess stalling going up a hill might not be the end of the world in most places, since you can go down to a flat part and start again, but in a "U" you would be trapped.